ESF Passtokens

Passtokens are an optional ESF feature for communicating a user's identity between security domains. Passtokens let one Enterprise Server component (an enterprise server region or MFDS) signon to another Enterprise Server component on behalf of a user, without requiring that user's normal credentials, typically a password.

In effect, a passtoken is a one-time or limited-time substitute for a user's password. A passtoken is associated with a user (and signon group) when it is created, and can only be used to sign on as that user.

If passtokens are enabled, they can be used for the following purposes:

Not all ESM Modules support passtokens. If you are using a module that does not support passtokens to verify users, user identities are not automatically transferred across security domains, and users have to explicitly signon with their normal credentials in each domain.

Note: To use ESF passtokens between components with separate security configurations, such as the Enterprise Server Administration user interface hosted by Micro Focus Directory Server (MFDS) and the ES Monitor & Control interface hosted in the region, the security configurations for both components must be identical. Passtokens between components with differing configurations might work but are not supported.